Linux vs. OpenBSD: A Firewall Performance Test

Adamo M
2005

Abstract

Network firewalls filter traffic by comparing all arriving packets to a set of rules, typically in a sequential manner. This activity requires a high amount of processing time and introduces a significant delay to the traffic. As a result, a packet filter can become a bottleneck for the connection [3] [5]. For this reason, speed is a fundamental requirement for a network firewall. In this paper, we analyse the results of a firewall performance test, in which we compare the packet processing time of two popular open source operating systems, Linux and OpenBSD, with their related packet filter tools, Iptables and PF (Packet Filter). Our goals are to evaluate the packet forwarding speed of the tested environments and to determine how different conditions can affect performance; the tests are therefore made under a variety of conditions and configurations. Linux- or OpenBSD-based firewalls are often used as routing firewalls, but both can also act as bridging firewalls, so we tested and compared them in that configuration too.
Istituto Applicazioni del Calcolo ''Mauro Picone''
Firewall
Network
Security
Packet-filtering

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/31605